Skip to main content

Certificate Signing Request (CSR) Help: Steps to create a new CSR while another certificate is currently installed?

User-added image
For Microsoft IIS

When renewing a certificate, IIS will generate a CSR identical to the original request. You may want to change this information in the following circumstances:

  • You are renewing a certificate and you need to change the distinguished name (DN) information in your CSR.
  • You are renewing a certificate and you need to change the key bit length of your CSR.
  • You are renewing a certificate with Entrust that was originally issued by another Certification Authority (CA).

Solution:

In order to make changes to your original request, you must create a temporary Web site in IIS and use it to generate the CSR. Follow the procedures below.

This process is in two parts:
1) Generate the Certificate Signing Request from a temporary web site
2) Install the new certificate

Part 1 of 2: Generate the Certificate Signing Request from a Temporary Web Site

  1. Launch the Internet Services Manager:
    Select Start /All Programs/ Administrative Tools/ Internet Information Services
  2. Right-click the Web Sites folder in the left preview pane. Select New , and then Web Site .


  • The Web Site Creation Wizard appears. Click Next .
  • Provide a description for the web site and click Next .


  • Enter a dummy IP Address (i.e. 1.1.1.1 ) for the web site. Keep the default TCP Port and Host Header settings. Click Next .
  • Supply a path for the Web site home directory and click Next.


  • Click Next to accept the default Web Site Access Permissions .


  • Click Finish to complete the Web Site Creation Wizard.


  • Your new Web site now appears in the IIS Manager window under Web Sites . Right-click the Web site and select Properties .

  1. Click the Directory Security tab, and click Server Certificate .


  • The Certificate Wizard appears. Click Next .
  • Select Create a new certificate and click Next .


  • Select Prepare the request now, but send it later and click Next .


  • Supply a friendly name for your certificate. Choose a bit-length of 2048 and click Next .


  • Supply the name of your company or organization in the field provided. If relevant, supply the name of your division or department in the Organizational Unit field provided. Click Next .


  • Supply the Common Name of your Web server in the field provided. This name must match the fully qualified domain name on the certificate being renewed . Click Next .


  • Supply a Country/Region , State/province and City/locality. Click Next .


  • Supply a File name in which to save your Certificate Signing Request (CSR) and click Next .


  • Review the Request File Summary , then click Next to generate the file.


Part 2  of 2: Install the new certificate

After receiving the new certificate from Entrust, follow the steps below to install it on the Web server:

  • Click Finish to complete the Certificate Wizard.
  • Use the CSR you have generated (certreq.txt) to submit the renewal request to Entrust.
  1. Copy and paste the Server Certificate (including the BEGIN and END tags) into a text editor such as Notepad and save it on your server.

  • Launch the Internet Services Manager:
    Select Start > All Programs > Administrative Tools > Internet Information Services.

  • Right-click the temporary Web site from the left preview pane and select Properties .


  • Click the Directory Security tab, and click Server Certificate .


  • The Certificate Wizard appears. Click Next .
  • Select Process the pending request and install the certificate and click Next .


  • Browse to the location of your Server Certificate file and click Next .


  • Specify SSL port 443 and click Next .


  • Review the Certificate Summary, then click Next to install the certificate.


  • Click Finish to complete the certificate installation on the temporary Web site.
  • In the left preview pane of the IIS Manager window, locate the Web site that has the original server certificate. Right-click this web site and select Properties .


  • Click the Directory Security tab, and select Server Certificate .


  • The Certificate Wizard appears. Click Next .
  • Select Replace the current certificate and click Next.


  • From the list of available certificates, select the certificate installed to the temporary Web site and click Next.


  • Review the Certificate Summary, then click Next to install the certificate.


  • Click Finish to complete the certificate installation.


  • You can now delete the temporary Web site because it is no longer needed. Removing the temporary site will not affect your new certificate.

If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance:

Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297
Outside North America: 1-613-270-2680 (or see the list below)
NOTE: Smart Phone users may use the 1-800 numbers shown in the table below.
Otherwise, it is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.

Country Number
Australia 0011 - 800-3687-7863
1-800-767-513
Austria 00 - 800-3687-7863
Belgium 00 - 800-3687-7863
Denmark 00 - 800-3687-7863
Finland 990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet)
France 00 - 800-3687-7863
Germany 00 - 800-3687-7863
Hong Kong 001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax)
Ireland 00 - 800-3687-7863
Israel 014 - 800-3687-7863
Italy 00 - 800-3687-7863
Japan 001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
Korea 001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom)
Malaysia 00 - 800-3687-7863
Netherlands 00 - 800-3687-7863
New Zealand 00 - 800-3687-7863
0800-4413101
Norway 00 - 800-3687-7863
Singapore 001 - 800-3687-7863
Spain 00 - 800-3687-7863
Sweden 00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2)
Switzerland 00 - 800-3687-7863
Taiwan 00 - 800-3687-7863
United Kingdom 00 - 800-3687-7863
0800 121 6078
+44 (0) 118 953 3088